COMMENT: Be careful with websites using email addresses as UserID

According to a new report, fraudsters have develop a string of new ways to obtain information about new targets. In essence they conduct Registration Attacks where the spammers and phishers automatically run thousands of e-mail addresses through the Web site's new registration process. As some sites return messages dialogue when an e-mail address is registered with the site the attackers then is notified that the address represents a registered customer. Similarly, a similar manner can be used to test a website's Password Reminder page. By testing thousands of email addresses, the fraudster will effective succeed to locate a few members registered with the email when a message "password sent" is flashed.

From there, the fraudster then begin their targetted Phishing spam attacks. For more information about these new methods of developing a Phishing database, read the report by bluesecurity located here: Hostile Consumer Profiling